What's Changed
• Telegram / MTProto Decryption (still early version - needs more tests; currently only Android)
- Added new `mtproto` and `telegram` keylog handlers that write `MTPROTO_AUTH_KEY` (cloud chat) and `MTPROTO_E2E_KEY` (Secret Chat) lines into a single combined keylog.
- Added an offline MTProto decryptor — TCP reassembly, obfuscated-transport de-obfuscation, and AES-IGE record decryption matched by `auth_key_id`.
- Added an offline Secret-Chat (E2E) decryptor that peels the second AES-IGE layer keyed by the per-chat `key_fingerprint`.
- Docs: [Telegram (MTProto)](https://fkie-cad.github.io/friTap/protocols/telegram/).
• Passive Analysis (--scan) - still experimental (early version)
- Added the `PrivacyAnalyzer` for PII detection (email, phone, PAN via Luhn, IBAN via mod-97, SSN, IMEI, MAC). Findings are redacted by default; reveal with `--scan-show-pii`.
- New report filters: `--scan-category` (`secret`, `pii`, `network`, `protocol`), `--scan-min-confidence`, and `--scan-source`.
- Docs: [Traffic Analysis](https://fkie-cad.github.io/friTap/advanced/traffic-analysis/), [CLI Reference](https://fkie-cad.github.io/friTap/api/cli/).
• External Analyzers - still experimental (early version)
- Load custom analyzers with `--analyzer-path MODULE[:CLASS]`; enumerate built-ins and discovered externals with `--list-analyzers`.
- Zero-config discovery (drop-in directory + entry points) now works across the Python API, CLI, and TUI.
- Docs: [Plugins & Custom Scripts](https://fkie-cad.github.io/friTap/development/plugins/).
• Offline Replay
- Offline decryptors are now resolved through a pluggable registry (`tls`, `mtproto`, `telegram`, …).
- Added `--show-layers` to print each decrypted flow's protocol layer stack.
- Added reusable, stateless HTTP/2 DATA-frame and RFC 6455 WebSocket de-framers (enabling -over-HTTP/2 recovery).
- Docs: [Offline Quick Start](https://fkie-cad.github.io/friTap/getting-started/offline-quickstart/), [Offline pcap to .tap](https://fkie-cad.github.io/friTap/advanced/offline-pcap-to-tap/).
• TUI & Packaging
- Added a pcap→`.tap` conversion wizard and decrypt-confirm / open-pcap modals. This helps to analyze plaintext pcaps directly with friTap.
- Added `requirements-minimal.txt` for a lean install, alongside a large expansion of unit and integration tests.
- Docs: [Interactive TUI](https://fkie-cad.github.io/friTap/getting-started/tui/).
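
The Passive Analysis entry above mentions PAN detection via Luhn, IBAN detection via mod-97, and redaction by default. The sketch below shows why checksum gating matters when scanning decrypted traffic; it is an added example, not friTap's `PrivacyAnalyzer` code. The names `luhn_ok`, `iban_ok`, `redact`, `scan` and the `show_pii` parameter are hypothetical, and the sample payload is constructed.

```python
import re

# Candidate patterns only; a hit is reported only if its checksum validates.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn: double every second digit from the right; the sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """mod-97: move the first 4 chars to the end, map A..Z to 10..35, N % 97 == 1."""
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def redact(value: str, keep: int = 4) -> str:
    """Mask everything except the last `keep` characters."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan(text: str, show_pii: bool = False):
    """Return (kind, value) findings; values are masked unless show_pii is set."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("pan", digits if show_pii else redact(digits)))
    for m in IBAN_RE.finditer(text):
        if iban_ok(m.group()):
            findings.append(("iban", m.group() if show_pii else redact(m.group())))
    return findings


# Constructed plaintext: a public test PAN and IBAN plus two checksum near-misses
# (an order number and a reference) that a regex-only scanner would also flag.
SAMPLE = ("POST /pay card=4111 1111 1111 1111&order=4111111111111112 "
          "iban=GB82WEST12345698765432 ref=GB00WEST12345698765432")

if __name__ == "__main__":
    print(scan(SAMPLE))
```
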
Full Changelog: [v2.0.9...v2.2.1](v2.0.9...v2.2.1)